Kusserow’s Corner: Essential Hotline-Related Policies and Procedures

The critical communication channel for health care organizations continues to be Hotlines. It is a key component of an effective compliance program in that they serve the core mission of a compliance program. They ensure that legal and regulatory violations are avoided or corrected if they occur. However, hotlines are only effective if employees have knowledge of and are willing to use them. As such, steps should be taken to ensure that the hotline is operated professionally and consistently. Policies and procedure documents are a good way to set clear objectives and standards for the hotline. It is also important to recall that the HHS Office of Inspector General (OIG), in its compliance guidance, stresses the importance of implementing a variety of policy documents, many of which revolve around the hotline. The following are some suggested hotline-related policy documents:

Hotline Operation Policy. The purpose of a hotline policy should state the organization’s commitment to providing alternative channels for reporting problems and concerns. Furthermore, the policy should underscore that the hotline was established as an avenue for employees or interested parties to report suspected criminal activity or unethical conduct occurring within the organization in the event other resolution channels are ineffective or the caller wishes to remain anonymous.

Duty to Report Policy. It is important that employees and management are given an affirmative duty to report suspected wrongdoing; they must be aware that the failure to report could result in adverse action being taken against them.

Non-Retaliation Policy. The policy should state that any form of retaliation against any employee who reports a perceived problem or concern in good faith is strictly prohibited, and any employee who commits or condones any form of retaliation will be subject to discipline up to, and including, termination.

Anonymity. OIG Compliance Guidance specifically calls for organizations to have a policy to permit individuals to report problems and suspected violations anonymously.

Confidentiality Policies. The OIG also states that a policy should exist to protect the confidentiality of those reporting problems and requesting that their identity be protected.

Answering Protocol. A specific answering policy protocol should be used to assure consistency, accuracy, and professionalism of the hotline. The policy should detail the hours of operation and whether calls are handled by a live operator or voice mail service (live operators are strongly recommended). The policy should state the protections for callers’ confidentiality or anonymity.

Policy on Coordination of Effort. The hotline policy should establish a formal working relationship between the compliance office and human resources department, in that most calls can be expected to be in the human resources arena. Also, a policy should be established to form a formal working relationship between the compliance office and legal counsel. Calls raising serious issues are often resolved in cooperation with the legal or internal audit functions.

Policy on Misuse of the Hotline. The hotline policy should prohibit and, thus, discourage misuse of the hotline. It is important to realize that employees may be improperly motivated in using the hotline; however, the policy should protect employees who report information in “good faith.” Reporting in good faith means employees believe the problem or information they are reporting is accurate.

Hotline Records Management Policy. The hotline function is created to receive and generate records, documents, and other information, in both electronic and hardcopy format. Certain records must be maintained for given periods of time, as specified by applicable laws and regulations or as required by contractual obligations. Other records should either be retained or destroyed pursuant to a standard policy. A policy on this issue will save considerable problems later.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.